You Can Only Verify What You Can See

I participated in my first hackathon, and it was glorious! When I was first starting my career, we didn't really do this, at least not that I knew. As my career progressed, my responsibilities crowded out that kind of focus.

But today we have agentic coding agents. I came up with BioSurface, which extracts claims from prose, typically a biomedical research paper, and then deterministically verifies them against the data package. Like lint but for a research paper.

We do this for the product, of course. But the real joy is in the journey.

As I worked through the arc of ideation to implementation, the autonomous coding agents were doing good work. For me, the highlight was that I was able to do this while on family vacation: my computer left sitting in my hotel room, the agents grinding with the occasional ping on my phone when they needed guidance.

Of course, it's not a real project unless it has a moment of terror. For me, that happened when I was doing the final test run prior to packaging the submission. I figured I'd get Claude to run the full extract-to-audit one last time, just out of an abundance of caution.

It failed. Not in a spectacular explosion, but the "hey, that's missing something subtle" kind of way that you just know is going to take deep investigation to resolve. In running against my test case that had five planted falsehoods, it only found two.

Digging in, I was able to find and fix an obvious issue pretty quickly: a bug in the input processor (specifically the chunker, which yes, is actually a technical term) dropped some of the prose bound for the extractor. The model only emitted two claims, because it only saw prose that contained two claims. Three of the test claims were in chunks the model never saw, and thus never made it to the verifier.

It was an easy fix but a durable lesson: you can only verify what you can see. This is the entire premise of the Verification Surface in my Trust Topology writing.

Once you internalize this, you start to see it everywhere. A code review only catches what's in the diff, no matter how many reviewers you add. A radiological image only reveals things coarser than its resolution. Or, in this case, the verifier only reviews the claims it is shown.

The hackathon tool is built around trying to close that kind of gap. You hand it an analysis bundle: the evidence and the plain-English claims someone wrote about it. Claude drafts those claims, but a deterministic engine decides what the data supports. In the demo, Claude wrote that a gene went down after a knockout. The table said it went up, by a clear margin. The tool flagged the contradiction and linked it to the number. The model proposes; something you (or Claude) can rerun and reproduce decides.

The observation that stood out for me: this is exactly how I built the tool. I have my own utilities that do this for the software development artifacts. The agents write plans, designs, code, and tests. The utility runs deterministic checks and feeds back errors to the implementing AI, who makes the required fixes. Repeat until no issues are reported.

I've been writing about this idea for a while now, across coding agents, medical imaging, and language models. Time and again, I discover the same thing: reliability is a property of the verification surfaces, not the model doing the work. BioSurface is the fourth domain where I watched this hold, now in a field outside of my professional domain against a hackathon clock.

The joy is in the journey of discovery, and this one reinforced one idea while opening a new one. I trust the audit engine. What I'm now dwelling on is how to prove the extractor found everything worth auditing: how do I know all of the claims represented semantically in the prose were captured? Because that turns out to be where the reliability actually lives.

The framework behind this: Trust Topology →